Boston, MA – September 24, 2013 – Core Security®, a leading provider of predictive security intelligence solutions, today announced the release of Core Impact® Pro 2013 R2, latest version of the company’s professional vulnerability assessment and penetration testing software, that allows organizations to proactively test IT infrastructure and identify exactly where and how an organization’s critical data can be breached.

Core Impact Pro 2013 R2 introduces new surveillance camera capabilities that test networked cameras for vulnerabilities and authentication weaknesses, which Impact can leverage to provide access to the compromised camera’s video feed. This version also extends the product’s web application testing capabilities to identify vulnerabilities in Web Services used in Web 2.0 and AJAX applications. In addition, the new version contains enhanced remediation and validation reporting. Impact 2013 R2 is supported by the company’s extensive library of more than 3,100 commercial-grade exploits and other attack techniques.

Millions of surveillance cameras are being added to networks at enterprises and organizations, globally. With the added ability to monitor activities comes the added risk of more potentially unprotected devices on the network. Core Labs has done extensive research on surveillance camera vulnerabilities and has published several advisories on the subject. The added surveillance camera capabilities provide security professionals with the ability fingerprint and assess the security posture of these devices, as they currently do with other networked devices.

“The new surveillance camera capabilities are a big step forward for the industry. Surveillance cameras are one of the fastest growing security measures being taken by the likes of public institutions like airports, as well as private institutions like financial institutions, large office buildings, and casinos. Technology innovations such as hi-def video and 360 degree field of view have led to these surveillance cameras becoming as capable as a standard PC – making them attractive targets for attackers to gain entry into the deepest part of IT infrastructure.” said Milan Shah, senior vice president of Products and Engineering at Core Security. “It is crucial that these surveillance cameras be deployed and managed in a secure manner. As a leader in security research and the security market, we have combined the advanced technical capabilities driven by our researchers at Core Labs with our customers’ input to continue to deliver new comprehensive solutions to the market.”

Core Impact Pro 2013 R2 also supports SOAP and REST (using JSON) Web Services testing. During the web application information gathering Core Impact identifies Web Services definitions and calls, adding them to the list of items to test. Impact supports automatic discovery of web services, but in cases where that is not sufficient, Impact offers an “interactive web crawling’ feature that allows a user to dig deeper into an application by manually interacting with the application. As part of the web application attack and penetration phase, Impact will look for SQL Injection and OS Command Injection vulnerabilities against the discovered Web Services, resulting in an installed agent when a vulnerability is successfully exploited.

The new IMPACT version also includes enhanced validation and reporting capabilities to assist security professionals with distributing important security information. These enhanced reports compare the workspace's original results with those after remediation efforts have been performed. This historical view eliminates the need to have detailed knowledge of a specific pen test that may have been completed in a prior timeframe, by another team member or third-party tester. By using the remediation validation functionality Impact stores all the required information allowing users to verify the current status of previously detected issues by just following a simple wizard.

In addition to the features listed above, Impact 2013 R2 also includes:

Web Application Remediation Validation capabilities, extending the functionality served in R1 that was highly requested and widely used by our customers

SQL agent support in network vector to attack available databases, especially useful when the target environment prevented the tester from installing an OS agent but a database is compromised

New “Identity Verifiers”, now including support for testing identities against RDP (Terminal Services), RTSP, and VMWare services

Tighter “Nessus” integration, allowing IMPACT users to directly connect a remote Nessus server instead of requiring importing the data from a local file

And “Nmap” RPT integration, among other numerous improvements

More about Core Impact Pro:

Core Impact® Pro is the most comprehensive software solution for assessing the real-world security of web applications, network systems, endpoint systems, email users, mobile devices, wireless networks, and network devices. Backed by Core Security’s ongoing vulnerability research, Impact Pro allows you to take security testing to the next level by safely replicating a broad range of data breach threats. As a result, you can identify exactly where and how your organization’s critical data can be breached. Learn more about Core Impact Pro penetration testing software at http://www.coresecurity.com/core-impact-pro.

About Core Security

Core Security is the leading provider of predictive security intelligence solutions for enterprises and government organizations. We help more than 1,400 customers worldwide preempt critical security threats throughout their IT environments, and communicate the risk the threats pose to the business. Our patented, proven, award-winning enterprise solutions are backed by more than 15 years of applied expertise from CoreLabs, the company’s innovative security research center. For more information, visit www.coresecurity.com.

###

Core Security, Core Impact, Core Impact Professional, Core Secured, and CoreLabs are registered trademarks and/ or trademarks of Core SDI, Inc. in the United States and/or other countries. All other products and services are trademarks of their respective owners.